SQL injection vulnerability in view_news.php in Vastal I-Tech MMORPG Zone allows remote attackers to execute arbitrary SQL commands via the news_id parameter. NOTE: the game_id vector is already covered by CVE-2008-4460.
Max CVSS
7.5
EPSS Score
0.14%
Published
2009-09-30
Updated
2017-08-17
SQL injection vulnerability in offers_buy.php in Alibaba Clone 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Max CVSS
7.5
EPSS Score
0.20%
Published
2009-09-30
Updated
2009-10-01
Multiple SQL injection vulnerabilities in search.aspx in BPowerHouse BPHolidayLettings 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) rid and (2) tid parameters.
Max CVSS
7.5
EPSS Score
0.17%
Published
2009-09-30
Updated
2009-10-01
SQL injection vulnerability in music.php in BPowerHouse BPMusic 1.0 allows remote attackers to execute arbitrary SQL commands via the music_id parameter.
Max CVSS
7.5
EPSS Score
0.20%
Published
2009-09-30
Updated
2009-10-01
SQL injection vulnerability in students.php in BPowerHouse BPStudents 1.0 allows remote attackers to execute arbitrary SQL commands via the test parameter in a preview action.
Max CVSS
7.5
EPSS Score
0.20%
Published
2009-09-30
Updated
2017-08-17
Multiple SQL injection vulnerabilities in BPowerHouse BPGames 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter to main.php and (2) game_id parameter to game.php.
Max CVSS
7.5
EPSS Score
0.17%
Published
2009-09-30
Updated
2009-10-01
SQL injection vulnerability in employee.aspx in BPowerHouse BPLawyerCaseDocuments 1.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
Max CVSS
7.5
EPSS Score
0.20%
Published
2009-09-30
Updated
2009-10-01
SQL injection vulnerability in php/update_article_hits.php in HBcms 1.7 allows remote attackers to execute arbitrary SQL commands via the article_id parameter.
Max CVSS
6.8
EPSS Score
0.12%
Published
2009-09-30
Updated
2009-10-01
SQL injection vulnerability in view_listing.php in Vastal I-Tech Agent Zone (aka The Real Estate Script) allows remote attackers to execute arbitrary SQL commands via the id parameter.
Max CVSS
7.5
EPSS Score
0.12%
Published
2009-09-30
Updated
2009-10-01
Cross-site scripting (XSS) vulnerability in view_mag.php in Vastal I-Tech DVD Zone allows remote attackers to inject arbitrary web script or HTML via the mag_id parameter.
Max CVSS
4.3
EPSS Score
0.25%
Published
2009-09-30
Updated
2009-10-01
SQL injection vulnerability in view_mag.php in Vastal I-Tech DVD Zone allows remote attackers to execute arbitrary SQL commands via the mag_id parameter, a different vector than CVE-2008-4465.
Max CVSS
7.5
EPSS Score
0.19%
Published
2009-09-30
Updated
2009-10-01
Multiple SQL injection vulnerabilities in index.php in T-HTB Manager 0.5, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in a delete_category action, (2) the name parameter in an update_category action, and other vectors.
Max CVSS
6.8
EPSS Score
0.09%
Published
2009-09-30
Updated
2018-10-10
Multiple cross-site scripting (XSS) vulnerabilities in Zenas PaoBacheca Guestbook 2.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) scrivi.php and (2) index.php.
Max CVSS
4.3
EPSS Score
0.30%
Published
2009-09-30
Updated
2017-08-17
Multiple PHP remote file inclusion vulnerabilities in Loggix Project 9.4.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the pathToIndex parameter to (1) Calendar.php, (2) Comment.php, (3) Rss.php and (4) Trackback.php in lib/Loggix/Module/; and (5) modules/downloads/lib/LM_Downloads.php.
Max CVSS
7.5
EPSS Score
0.63%
Published
2009-09-30
Updated
2017-09-19
SQL injection vulnerability in the Kinfusion SportFusion (com_sportfusion) component 0.2.2 through 0.2.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid[0] parameter in a teamdetail action to index.php.
Max CVSS
7.5
EPSS Score
0.13%
Published
2009-09-30
Updated
2009-10-02
GNU Wget before 1.12 does not properly handle a '\0' character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Max CVSS
6.8
EPSS Score
0.41%
Published
2009-09-30
Updated
2017-09-19
Adobe Photoshop Elements 8.0 installs the Adobe Active File Monitor V8 service with an insecure security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath variable, or (3) restart the service via the start command.
Max CVSS
7.8
EPSS Score
0.06%
Published
2009-09-30
Updated
2024-02-08
Cross-site scripting (XSS) vulnerability in the Bibliography (aka Biblio) module 6.x-1.6 for Drupal allows remote authenticated users, with certain content-creation privileges, to inject arbitrary web script or HTML via the Title field, probably a different vulnerability than CVE-2009-3479.
Max CVSS
2.1
EPSS Score
0.10%
Published
2009-09-30
Updated
2017-08-17
Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via (1) the JEXEC_OUTID parameter in a JEXEC_MODE_RELAY_OUTPUT action to the jexec program; the (2) act, (3) refresh-time, or (4) ifid parameter to scripter.php; (5) the revision parameter in a rollback action to the configuration program; the m[] parameter to the (6) monitor, (7) manage, (8) events, (9) configuration, or (10) alarms program; (11) the m[] parameter to the default URI; (12) the m[] parameter in a browse action to the default URI; (13) the wizard-next parameter in an https action to the configuration program; or the (14) Contact Information, (15) System Description, (16) Local Engine ID, (17) System Location, or (18) System Name Override SNMP parameter, related to the configuration program.
Max CVSS
3.5
EPSS Score
0.28%
Published
2009-09-30
Updated
2009-10-02
Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via the host parameter to (1) the pinghost program, reachable through the diagnose program; or (2) the traceroute program, reachable through the diagnose program; or (3) the probe-limit parameter to the configuration program; the (4) wizard-ids or (5) pager-new-identifier parameter in a firewall-filters action to the configuration program; (6) the cos-physical-interface-name parameter in a cos-physical-interfaces-edit action to the configuration program; the (7) wizard-args or (8) wizard-ids parameter in an snmp action to the configuration program; the (9) username or (10) fullname parameter in a users action to the configuration program; or the (11) certname or (12) certbody parameter in a local-cert (aka https) action to the configuration program.
Max CVSS
3.5
EPSS Score
0.28%
Published
2009-09-30
Updated
2009-10-05
Cross-site scripting (XSS) vulnerability in the J-Web interface in Juniper JUNOS 8.5R1.14 and 9.0R1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI.
Max CVSS
4.3
EPSS Score
0.25%
Published
2009-09-30
Updated
2009-10-05
Stack-based buffer overflow in Core FTP 2.1 build 1612 allows user-assisted remote attackers to execute arbitrary code via a long hostname in an FTP server entry in a site backup file. NOTE: some of these details are obtained from third party information.
Max CVSS
9.3
EPSS Score
7.84%
Published
2009-09-30
Updated
2017-08-17
Heap-based buffer overflow in the Create New Site feature in GlobalSCAPE CuteFTP Professional, Home, and Lite 8.3.3 and 8.3.3.0054 allows user-assisted remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a site list containing an entry with a long label.
Max CVSS
9.3
EPSS Score
1.73%
Published
2009-09-30
Updated
2017-08-17
TrustPort Antivirus before 2.8.0.2266 and PC Security before 2.0.0.1291 use weak permissions (Everyone: Full Control) for files under %PROGRAMFILES%, which allows local users to gain privileges by replacing executables with Trojan horse programs.
Max CVSS
7.8
EPSS Score
0.04%
Published
2009-09-30
Updated
2024-02-08
A certain interface in the iCRM Basic (com_icrmbasic) component 1.4.2.31 for Joomla! does not require administrative authentication, which has unspecified impact and remote attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
7.5
EPSS Score
0.18%
Published
2009-09-30
Updated
2009-10-01
574 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!